Orda
v1 · stable

API documentation

REST + Webhooks. Predictable URLs, JSON bodies, conventional HTTP codes.

Authentication

POST
/v1/auth/session

Create session

Exchange credentials for a session token.

Request
{
  "email": "aria@orda.app",
  "password": "••••••"
}
Response
{
  "token": "ord_sess_8f2…",
  "expiresAt": "2026-05-27T16:00:00Z",
  "user": { "id": "u-cust", "role": "customer" }
}
DELETE
/v1/auth/session

End session

Invalidate the current session token.

Response
{ "ok": true }

Orders

POST
/v1/orders

Place order

Creates a draft order and a payment intent.

Request
{
  "cafeId": "c-1",
  "table": "T-07",
  "items": [{ "itemId": "c-1-m-1", "qty": 2 }]
}
Response
{
  "orderId": "ORD-1102",
  "paymentIntent": "pi_3M…",
  "total": 9.5
}
GET
/v1/orders/:id

Get order

Returns order detail and live status.

Response
{
  "id": "ORD-1042",
  "status": "preparing",
  "items": [ ... ]
}
PATCH
/v1/orders/:id

Update status

Café advances the state machine.

Request
{ "status": "ready" }
Response
{ "ok": true }

Webhooks

POST
/webhooks/payments

Stripe events

We verify the signature on every event.

Request
{
  "type": "payment_intent.succeeded",
  "data": { "object": { "id": "pi_3M…" } }
}
Response
200 OK
POST
/webhooks/orders

Order updates

Push to external POS or fulfillment systems.

Response
200 OK